Bug ID 1146373: Basic authentication for REST admin account fails

Last Modified: Jul 11, 2024

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
14.1.5, 14.1.5.1, 14.1.5.2, 14.1.5.3, 14.1.5.4, 14.1.5.6, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2

Fixed In:
15.1.9

Opened: Sep 06, 2022

Severity: 3-Major

Symptoms

Basic authentication may fail for anything other than creating a token. This has most often been seen after a device had several large AS3 declarations sent to it. Most of the scenarios that caused this were fixed in ID877145 but this added on to that fix. One symptom is you my encounter lots of DNS Null requests: DNS OUT s1/tmm4 : Standard query 0xc33b A null DNS OUT s1/tmm4 : Standard query 0xe366 AAAA null DNS IN s1/tmm4 : Standard query response 0xe366 Server failure AAAA null DNS IN s1/tmm4 : Standard query response 0xc33b Server failure A null

Impact

Basic authentication will fail with a 401 code when it previously used to work. The admin account will also fail. Typically it takes 30 seconds to encounter the failure.

Conditions

Large AS3 declarations suddenly encounters a failure (503). This issue seems to be the most frequent trigger but other scenarios may cause this. If you view the restjavad.audit log you may see a username of local/null logged and showing the 401 for the rest call that was attempted. Also if you capture port 53 during the rest call you may see DNS queries for domain "null".

Workaround

Configure the device to resolve to localhost may work around this issue in some cases. If it does not then a fixed version is needed: To add localhost, run the following commands: tmsh mod sys global-settings remote-host add { null { hostname null addr 127.0.0.1 } } tmsh save sys config

Fix Information

Basic authentication now works reliably

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips